User threatened with physical harm! Ledger hacked, CEO shifts blame, says company is too small to afford compensation.

In July of this year, mainstream cryptocurrency hardware wallet manufacturer Ledger was reported to have experienced a data breach, with official statements initially indicating that detailed personal information of only 9,500 users was compromised. However, according to documents released by hackers recently, the actual number of leaked personal information exceeded 270,000 records, causing shockwaves with Ledger CEO's statement that they "can't afford" the consequences.

Third-Party API Key Leads to Data Breach

The incident began in July this year when Ledger revealed that due to a vulnerability in its user database, nearly one million email addresses and detailed personal information of 9,500 users were exposed, but emphasized that the security of funds remained unaffected.

However, data recently posted on the U.S. forum "RAIDFORUMS" showed that in addition to 1,075,382 email addresses, personal addresses, phone numbers, and wallet purchase details of 272,853 users were also leaked.

According to Ledger'sannouncement, the third-party API key exploited by hackers was immediately deactivated in July, and it was emphasized that the leaked data was not directly related to user assets. Users have 100% control over their private keys and are the only ones able to access them.

Ledger CEO: Looking to the Future

Following the incident, Ledger CEO Pascal Gauthier told the media outlet Decrypt that the company would not offer compensation for affected users, including those whose personal addresses were exposed. He stated:

When a company of our small size faces such a level of data leak, we cannot compensate a million users; it's just not possible, and it would only destroy the company. Instead, we are focusing on the future. Ledger is currently investing significant time and money in building the next generation of more secure products.

Users Face Physical Threats

The CEO's comments sparked dissatisfaction among users, leading to discussions on Twitter and Reddit. Many users reported receiving death threats. One user, B1ggusDckus,stated:

Ledger not only provides a poor user experience but also has a terrible attitude. If they can't even protect their database, how can users trust them to secure their assets? Now that everyone knows I have cryptocurrency, I've decided to switch to Trezor, another hardware wallet.

Another user, relephants,mentioned receiving multiple emails and messages every day, with the sender emphasizing knowledge of their address and cryptocurrency holdings, threatening that failure to pay "protection fees" would make things "complicated," even mentioning forced robbery and providing a payment address.

Founder Passing the Blame?

As the situation unfolded, Ledger CEO Pascal Gauthier seemed unwilling to address user feedback and instead provided a series of justifications. Regarding the death threats, he toldDecrypt:

It's unlikely that these threats are real; the data was actually leaked in June, but no one has reported actual attacks.

He even urged users not to move and believed that hardware wallets should not be kept at home, stating:

Would you leave a million dollars at home? If you have that much money, you shouldn't keep your hardware wallet at home.

Gauthier almost entirely shifted the responsibility to the users in the discussion, seemingly suggesting that users facing physical threats could be a catalyst for them to truly pay attention to their privacy in this field. He remarked:

If this incident becomes a catalyst for threats to personal safety, perhaps users in this field will truly begin to pay attention to their privacy.

He also argued that users should not blame Ledger, as users could have chosen to provide only an email or company address but opted to disclose their home addresses.

With many users expressing disbelief at Ledger's stance, some have indicated they will no longer consider using the company's products. Some users humorously suggested that in light of potential threats due to the data breach, Ledger should consider a redesign for their latest production line: